Shipping secure code is complex. It often requires juggling multiple scanners, tools, policies and brittle CI scripts. Smithy is built to remove complexity from this entanglement, empowering you to focus on what matters most: securing your code and your business.
Got legacy scanners or some home‑grown engine? Plug it straight in! Our new Python SDK lets you integrate whatever you might need in minutes. Take a look at the README for a quick start guide.
Complexity is the enemy of innovation - and security
Code Security is a complex process by nature. Handling diverse codebases while ensuring a broad coverage forces you to run multiple scanners. Orchestrating the scanners and (even more important) deduplicating and aggregating the findings is a complex process.
So if you leave this process complex, it also means it is hard to extend, whether that’s wiring in a niche ticketing system or connecting an ancient in‑house tool. Complex systems don’t work with them nor can you build integrations yourself.
From Rodent to Snake: Go SDK gets a Python Companion - removing Complexity
We’ve offered an open‑source SDK for quite some time now. However, this SDK is written in Go. This was a logical choice, as Go is a great language for building performant and reliable systems. It’s the language most of the Smithy backend is written in.
But we recognize Go isn’t the most popular - or the most beginner‑friendly - language.
Therefore we decided to build a Python SDK, which allows you to build custom Enrichers and integrations with Smithy in a language that is more accessible to many developers.
Why Python?
Python is the most popular programming language in the world according to:
On top of that it’s consistently cited as the easiest language to pick up and is widely used for automation and scripting in the security industry. This makes it an ideal choice for being the second SDK we offer.
Why is this important? Because it allows a wider range of developers or security professionals to build custom integrations with Smithy, without needing to get into the weeds of Go.
Let’s look at a minimal example of what the Python SDK allows you to do:
1from smithy import Enricher, findings_service, ocsf_schema
2from smithy.ocsf_ext.Enrichment import EnrichmentType
3from typing import Optional, override
4from logging import Logger
5
6class ExampleEnricher(Enricher):
7 def __init__(self, logger:Optional[Logger] = None):
8 super().__init__(logger)
9
10 # An Enricher must implement and override the enrich method
11 @override
12 def enrich(
13 self, finding: findings_service.Finding
14 ) -> findings_service.Finding:
15 # Add custom enrichment logic here
16 finding.details.enrichments.append(
17 ocsf_schema.Enrichment(
18 name = "Example Enrichment",
19 provider = "ExampleEnricher",
20 type = str(
21 EnrichmentType.ENRICHMENT_TYPE_UNKNOWN
22 ),
23 value = "Example value",
24 )
25 )
26 return findingWith this Enricher, you now only need to pass it to an instance of the Smithy SDK’s Runner class and it will be a done deal. The Runner will take care of the rest, including running the Enricher against all findings.
What the Python SDK empowers you to do
The Python SDK allows you to add your own custom Enrichers and integrations to Smithy. This means you can not only add integrations we did not think of yet, but also add new Enrichers which add additional information to vulnerabilities.
Looking for a fun weekend project?
Why not build a custom Reporter that sends a message to your developers on Steam - right in the middle of an intense Counter-Strike match - letting them know they’ve introduced a critical vulnerability?
Okay, it’s a silly example. But let’s run with it: to make this work, you’d also need an Enricher that attaches each developer’s Steam username to the vulnerability, so the message reaches the right person.
That’s exactly the kind of thing the new Python SDK makes so easy, you might actually do it. Look at the code example above, it shows the code required for a simple enricher.
Integrate AI - Turn your AI Roadmap into a Smithy Component, or two
With Python being the most widely used programming language for AI and machine learning, the new Python SDK makes building custom AI Components a breeze. These Components can leverage popular AI frameworks and libraries to provide advanced capabilities, such as natural language processing, code analysis, and more.
Want an example? We’re building an AI‑powered Enricher that will automatically fix vulnerabilities in your code. This Enricher will analyze the vulnerability, understand the context, and suggest a fix that you can apply directly in your codebase. This is just one example of what you can do with the Python SDK and AI.
The possibilities are endless, and we can’t wait to see what you come up with.
Already built something for that? Fantastic - let’s integrate it!
Many of our customers bring a home-grown script, a proof-of-concept, or even a full-blown tool already in internal or external development to the table when they start talking to us. If that’s you: bravo! 🎉
Smithy’s job is not to replace whatever you’ve already built. Instead we kindly invite you to spend an afternoon of your time, take a look at our open-source Go or Python SDKs and easily integrate your solution into Smithy to supercharge it.
You’ve already built something amazing - let Smithy make that something unstoppable.
Try it & tell us what you think!
Go visit our GitHub repository and check out the Python SDK. Take a look at the README for detailed instructions on how to get started.